ADscan is a pentesting tool focused on automating collection, enumeration and common attack paths in Active Directory. It provides an interactive CLI with a wide range of commands to streamline int…

RISC-V Virtual Machine

Run Windows apps on 🐧 Linux with ✨ seamless integration

A malicious OAuth application that can be leveraged for both internal and external phishing attacks targeting Microsoft Azure and Office365 users.

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers…

Remote service-staging tool built on Impacket, designed for BOF-style lateral movement workflows that lets you upload custom service loaders, set descriptions, and run them on demand.

Weaponize DLL hijacking easily. Backdoor any function in any DLL.

Clean network diagrams. One-time setup, zero upkeep.

A tool to play with scheduled tasks on Windows, in Rust

The DCERPC only printerbug.py version

Event Tracing for Windows EDR bypass in Rust (usermode)

The dragon in the dark. A red team post exploitation framework for testing security controls during red team assessments.

Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…

A collection of Azure AD/Entra tools for offensive and defensive security purposes

Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.

Open-source Windows and Office activator featuring HWID, Ohook, TSforge, and Online KMS activation methods, along with advanced troubleshooting.

Dig your way out of networks like a Meerkat using SSH tunnels via ClickOnce.

C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, pivot and more.

A simple tool to identify WDS servers in Active Directory

Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)

An offensive data enrichment pipeline

Memory Obfuscation in Rust

Mainframe security auditing and scripts

Vulnerable kernel drivers to kill EDR

C2 writen in Rust & Go powered by Tor network.

A tool to work with all types of Kerberos delegations (unconstrained, constrained, and resource-based constrained delegations) in Active Directory

A delicious, but malicious SSL-VPN server 🌮